path: root/ext
diff options
authorshyouhei <shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2011-05-06 06:19:17 +0000
committershyouhei <shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2011-05-06 06:19:17 +0000
commite3a69233e6563e6c95ccdc1040afa00db7b795e9 (patch)
tree2b31f4d497f14154f0a57c9b4536ad5d9b89e80c /ext
parentbe237a9d8fad158f7cd0fd58b25eaf5884ab1664 (diff)
* ext/syck/rubyext.c (mktime_do): avoid buffer overrun, by
silently ignoring lesser significant digits. Required buffer length can be computable so you might at first think of allocating enough memory space on the fly using alloca(). That is a wrong idea because when using alloca there is always risk of integer overflow. A function that accepts outer-process resources like this should not blindly trust its inputs. In this particular case we just want to generate miliseconds resolution by strtod() so the string in question needs no more length than what we originally have. Ignoring lesser significant digits should suffice I believe. git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'ext')
1 files changed, 0 insertions, 6 deletions
diff --git a/ext/syck/rubyext.c b/ext/syck/rubyext.c
index b7ab817002..970b64ed05 100644
--- a/ext/syck/rubyext.c
+++ b/ext/syck/rubyext.c
@@ -281,12 +281,6 @@ mktime_do(VALUE varg)
while ( isdigit( *end ) ) end++;
length = (int)(end - begin) <= padding ? (int)(end - begin) : padding;
MEMCPY(padded, begin, char, length);
- length = (int)(end - begin);
- if (length > padding) {
- length = length - padding;
- MEMCPY(padded + offset, begin + padding, char, length);
- }
usec = strtod(padded, NULL);